Threat Source Newsletter (Jan. 13, 2022)

Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.  
Move out of the way, Log4j! Traditional malware is back with a bang in 2022. While Log4j is likely still occupying many defenders' minds, the bad guys are still out there doing not-Log4j things. We have new research out on a campaign spreading three different remote access trojans (RATs) using public cloud infrastructure such as Amazon Web Services and Microsoft Azure.
If you’re looking to unwind after all the Log4j madness, we also have a new Beers with Talos episode that’s one of our more laid-back productions. We, unfortunately, said goodbye to Joel, but it was not without tequila and discussions about “Rent.”

Cybersecurity week in review
A well-known Iranian state-sponsored actor is exploiting the widespread Log4j vulnerability to deliver a new PowerShell backdoor. The group, APT35, uses the backdoor to set up C2 communications, perform system enumeration, and decrypt and load additional modules.

The White House is hosting a meeting with major tech companies to discuss the security of open-source software in the wake of the Log4j vulnerability. Invitees include representatives from Apache (the makers of Log4j), Google, Microsoft and VMware.

The H2 database engine contains a vulnerability similar to Log4shell, though it doesn't appear to

Read More: